11 July 2025
1300 794 893
We now know a little more on what was taken in the Qantas hack, as the airline confirms that 5.7 million unique customers were compromised, including its most elite members.
In case you missed it, Qantas announced a week ago its customers have had their data stolen as a result of an external hack.
Hackers didn't exactly kick down the door and make off with a computer full of files. Instead, they breached a business that works with Qantas instead.
Here's how Qantas CEO Vanessa Hudson describes what happened:
On Monday, we detected unusual activity on a third-party platform used by one of our airline contact centres. We immediately contained the incident and can confirm all Qantas systems remain secure.
Our initial investigations show the compromised data includes some customers' names, email addresses, dates of birth and Frequent Flyer numbers. Importantly, no credit card details, personal financial information and passport details are held in the system that was accessed. No Frequent Flyer accounts, passwords, PIN numbers or log in details have been compromised.
Qantas says its own systems weren’t breached, but one of its outsourced partners (likely a call centre or marketing firm) was. At this stage the name of the firm that was breached hasn't been shared. What we do know is that the hackers were able to make off with a considerable amount of data on Qantas' customers it had a lot of customer data stored in it.
Here’s how the numbers break down:
Qantas says it has now completed forensic analysis and is contacting affected customers to let them know what specific data of theirs was in the compromised system.
Qantas has been emphasising over and over that this breach didn’t include your password, PIN, login credentials, passport, or credit card details.
But just because the data can’t be used to directly log into your account doesn’t mean it’s harmless. Names, dates of birth, email addresses and phone numbers are the building blocks for identity theft and targeted phishing.
If you’ve ever received a scam text that knew your name or airline loyalty program, this is how they get that data.
Qantas insists Frequent Flyer accounts remain secure and that two-factor authentication is on by default. Still, now’s a good time to check that your account is locked down and that you’re using unique passwords across services.
Among the customers affected are almost certainly members of Qantas’ most exclusive club: the Chairman’s Lounge.
For those unfamiliar, the Chairman’s Lounge isn’t something you can earn your way into by flying a lot or spending big on your credit card. It’s a private, off-the-books tier of Qantas’ loyalty program, reserved for the most influential travellers in the country — think Prime Minister Anthony Albanese, senior politicians, ASX 100 CEOs, major media figures and Qantas’ own corporate partners.
The membership list is never published, and invitations are extended personally by Qantas executives. If hackers did get their hands on those records, they now likely hold a partial list of some of the most powerful and high-profile people in Australia, along with their personal contact information, travel habits and Frequent Flyer account data. Not to mention their meal preferences!
While Qantas says the exposed data isn’t enough to access those accounts directly, it’s still a significant potential privacy risk, and a juicy target for phishing or blackmail.
Scammers can use this information to engage in something called "spearphishing" attacks. Unlike regular "phishing" attacks where scammers will trawl a list of people to try and score more private and financial data, so-called "spearphishing" sees them focus their attack on a specific target or small group of targets.
While Qantas has downplayed the fallout publicly, hackers have now reportedly made contact with the airline. That contact hasn’t been confirmed or described in detail, but in the context of a large breach like this, it usually means one thing: a ransom demand.
Typically, attackers will give companies an ultimatum: pay up, or the stolen data will be sold, published or leaked to the highest bidder. It’s a tactic we’ve seen in recent Australian cyberattacks, from Medibank to Optus.
Qantas hasn’t confirmed any ransom requests and continues to say that none of the stolen data has been publicly released so far.
Since the breach, Qantas has been working with cyber experts and law enforcement agencies, including the National Cyber Security Coordinator and the AFP. It says it’s introduced additional security measures and will continue monitoring for misuse.
Affected customers are being contacted progressively via email, and a dedicated 24/7 helpline remains available:
1800 971 541 or +61 2 8028 0534
As always, Qantas reminds customers that it will never ask for your passwords, PINs or booking reference details out of the blue.
Even if your own data was only partially involved in this breach, it’s another reminder that you need to lock down your digital life.
Start by:
This story is still unfolding. But the reality is, breaches like this are no longer rare — they’re inevitable. The best defence is being prepared before your details end up in the wrong hands.
